Simply enabling the IPV6 package (disabled by default) causes the router to not be able to connect to the internet. PPPoE connect attempts fail with no useful information in the log.
Has someone else seen this weird issue before?
Not seen that, however, /system logging (and assuming winbox/webfig) add a new log type with no topics selected, and action memory. That should enable more info in the log to troubleshoot. Delete or disable that rule though when finished or it will overrun the log very quickly.
For equally unknown reasons it has now decided to work as far as connecting. But I still don't have working IPV6.
The 'howtos' I have found so far indicate the way to do this with Mikrotik is to run a DHCPv6 client on the WAN interface. This does not appear to be working either, showing status of "searching". Additionally, none of the advice topology I have found reflects how things are done here, leaving me to fill in the blanks.
Should this client run on vlan 10 or the pppoe interface?
Is the advice wrong and there is another way?
What I have done so far:
ipv6 / dhcpv6-client
interface = dialer0 (pppoe interface)
request = prefix
pool name = ipv6-pool
add default route = yes
I've had no trouble running IPv6 on PPPoE on VLAN 10.
The DHCP Client should be listening on the interface where you get your IPv4 public IP - so if you're using PPPoE, it should be on the PPPoE interface.
I've never had the IPv6 module break IPv4. If you have a default-deny policy on your ipv6 firewall (as you should..) you'll need to allow DHCPv6
Which ISP are you with?
MattR:
The DHCP Client should be listening on the interface where you get your IPv4 public IP - so if you're using PPPoE, it should be on the PPPoE interface.
I've never had the IPv6 module break IPv4. If you have a default-deny policy on your ipv6 firewall (as you should..) you'll need to allow DHCPv6
Which ISP are you with?
So my config should be "correct" then... I am with InspireNet.
The IPV6 module thing was weird. It appeared to break it but next time it worked... No explanation.
I'm on 2degrees, so I'm just guessing here.
In the DHCPv6 Client config, which requests do you have? Try "prefix" only - not info or address.
Edit: I see you've already got that..
MattR:
In the DHCPv6 Client config, which requests do you have? Try "prefix" only - not info or address.
That's what I have, thanks.
As follows:
ipv6 / dhcpv6-client
interface = dialer0 (pppoe interface)
request = prefix
pool name = ipv6-pool
add default route = yes
Inspire's IPv6 page says you need to email them to get it enabled, I assume you've done that?
Are you firewalling icmp6 and/or udp/546?
Can't think of any other reason why it wouldn't work.
MattR:
Inspire's IPv6 page says you need to email them to get it enabled, I assume you've done that?
Are you firewalling icmp6 and/or udp/546?
I was allocated a /56 at the time of setting up the account.
I don't see anything mentioned under IP / Firewall or IPV6 / Firewall.
But it doesn't say what the default is and I am not yet familiar enough with Mikrotik.
Is this something which needs to be explicitly set?
default is allow, so you'll want to configure some rules. Leaving it open to the world is a very bad idea. Do IPv4 right now - there are multiple exploits that target the management interface of the Mikrotik unless it's a very recent OS version.
MattR:
default is allow, so you'll want to configure some rules. Leaving it open to the world is a very bad idea. Do IPv4 right now - there are multiple exploits that target the management interface of the Mikrotik unless it's a very recent OS version.
I have already restricted access to the management interface and it's the latest O/S. But good advice thanks.
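The default-deny IPv6 policy discussed above, with the DHCPv6 (udp/546) and ICMPv6 exceptions it needs, as an added example that is not from any of the posters. It assumes `dialer0` is the PPPoE WAN interface named in the thread and that the rule list is otherwise empty; the comments are illustrative.

```routeros
# Added example, not a poster's configuration.
# dialer0 = PPPoE interface from the thread; everything else is an assumption.
/ipv6 firewall filter

# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related \
    comment="replies to traffic the router started"
add chain=input action=drop connection-state=invalid
# ICMPv6 carries neighbour discovery, router advertisements and path-MTU
# discovery; dropping it breaks IPv6 rather than hardening it.
add chain=input action=accept protocol=icmpv6
# DHCPv6 server replies arrive from a link-local source on udp/546.
# Without this rule the client sits in "searching" under a default-deny policy.
add chain=input action=accept protocol=udp dst-port=546 \
    src-address=fe80::/10 in-interface=dialer0 \
    comment="DHCPv6 prefix delegation replies"
# Everything else from the WAN is dropped, management services included.
add chain=input action=drop in-interface=dialer0 \
    comment="default deny from WAN"

# --- forward chain: traffic to hosts inside the delegated prefix ---
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept protocol=icmpv6
# No NAT in front of IPv6 hosts, so unsolicited inbound must be dropped here.
add chain=forward action=drop in-interface=dialer0 \
    comment="no unsolicited inbound to LAN hosts"
```

Rules are evaluated top to bottom and the first match wins, so the accept rules have to sit above the final drop in each chain.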
If you ask mikrotik support "It will be fixed in ROS 7"
Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com
There is no place like localhost
Inspire have fixed the issue (configuration problem at their end) and I now have IPV6 (yay!), however, all my DMZ IPV4 traffic is now showing at the remote end as originating from the WAN IP address and not the host's statically assigned publicly-routable IPV4 address.
I have covered the obvious bases - checked the host has its correct IPV4 address configured. Check.
Plugged my Cisco back in and the problem is fixed so it's definitely at my end.
It appears what is happening is the Mikrotik is NATing IPV4 even though it doesn't need to NAT hosts in the DMZ vlan.
Whether this is a consequence of enabling IPV6 or something I have just noticed, I don't know. I have only had the Mikrotik for about a week. I disabled IPV6 by stopping the DHCPv6 client and the issue persisted.
Can anyone here shed some light on what is happening please? I will continue to Google for a resolution.
In Cisco terminology, I assume what's needed is to specify an internal interface for "nat inside".
You need to look at any masquerade/srcnat rules and apply to a specific source address only (rather than all).
Spyware:
You need to look at any masquerade/srcnat rules and apply to a specific source address only (rather than all).
Thanks for that. All fixed now.
I have learned some new Mikrotik stuff today. :-)
You should put a srcnat accept rule before the srcnat masquerade rule that filters the specific addresses in the firewall nat
Cyril
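The two srcnat fixes suggested above, side by side with the catch-all rule that causes the DMZ traffic to be rewritten, as an added example that is not from any of the posters. `dialer0` is the PPPoE interface from the thread; the DMZ range 203.0.113.8/29 and the LAN range 192.168.88.0/24 are constructed placeholders (documentation and private ranges) to be replaced with the real subnets.

```routeros
# Added example, not a poster's configuration.
# 203.0.113.8/29 (DMZ, publicly routable) and 192.168.88.0/24 (private LAN)
# are placeholder subnets; dialer0 is the PPPoE interface from the thread.
/ip firewall nat

# Before: a catch-all masquerade rewrites every source address leaving via
# PPPoE, so DMZ hosts appear at the far end as the router's WAN address.
#   add chain=srcnat action=masquerade out-interface=dialer0

# After, step 1: exempt the DMZ. action=accept in srcnat stops NAT
# processing for the packet and leaves its source address untouched.
# It must be listed above the masquerade rule (first match wins).
add chain=srcnat action=accept src-address=203.0.113.8/29 \
    out-interface=dialer0 comment="DMZ: routed, no NAT"

# After, step 2: masquerade only the private range that actually needs it,
# so a subnet added later is not silently hidden behind the WAN address.
add chain=srcnat action=masquerade src-address=192.168.88.0/24 \
    out-interface=dialer0 comment="LAN: NAT to WAN address"

# Check the resulting order.
print
```

Either step alone resolves the symptom described in the thread; using both keeps the intent explicit and means the DMZ stays un-NATed even if the masquerade rule is later widened.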